Cybersecurity has been at the top of the agenda for many businesses following the global Wanna Decryptor (WannaCry) ransomeware attack that grabbed headlines in May 2017. The latest in a line of high-profile attacks, WannaCry saw more than 45,000 attacks recorded in almost 100 countries, including the United Kingdom, United States, India and China.
As food manufacturing plants become more connected through the Industrial Internet of Things (IIoT), the threat of cyberattacks and how much damage they can do has increased.
IIoT is creating many exciting opportunities for the manufacturing industry; however, the increased use of connected devices and systems also has resulted in a rise in cyberattacks. For many, the word “cyberattack” conjures images of email hacking and stolen bank details, but it also can have a significant impact on plant production processes if systems are not correctly protected.
Although it can be difficult to prevent a cyberattack from happening, manufacturers can take a number of precautions to minimize risk and protect themselves.
Identifying the gaps
Research conducted by the U.K. government found that while one in four large firms experience a breach in cybersecurity at least once a month, only half have taken any action to address vulnerabilities. Furthermore, only one-third of the firms surveyed had any form of cybersecurity policy at all.
The first step in securing your plant’s system is to quickly identify the devices and software that are most vulnerable. To do this, plant managers should appoint an individual or team, depending on the size of the facility, to assume responsibility for cybersecurity. Once appointed, they should conduct an in-depth security assessment and establish a program of regular monitoring to identify weaknesses and the actions that need to be taken to improve security.
Many plants now operate with a bring your own device (BYOD) policy, allowing employees to access systems, software and networks through their personal devices. The concept brings with it many benefits, including increased productivity and reduced IT costs. However, it is important that there is a security policy in place to ensure breaches do not occur.
The biggest cause of breaches is the lack of a functional firewall and up-to-date firmware throughout a business. Firewalls often are the first line of defense against a cyberattack, protecting the perimeter of a network. Users must ensure that their devices have the latest software updates, as they often include security patches to protect against new cyberthreats.
Cyberattacks constantly are evolving to get around security protocols, so it is vital that the software on any device accessing the network is up-to-date. Connecting to unsecure Wi-Fi and Bluetooth networks also can pose a danger. Security managers should ensure that users always connect to secure networks that are password protected.
Standards and policies
The digital landscape constantly is evolving and, as such, the standards and policies that businesses put in place to protect themselves also should adapt.
No single solution will protect all businesses, so it is important to seek the advice of organizations, such as ABB, to create a company-wide policy that can detect, deter and prevent the threat of a cyberattack. In additon to a company’s IT network with traditional laptops, many food and beverage manfuacturers also maintain a connected automation network.
This network controls a manufacturing plant’s production — from a simple control like mixing bagel dough to more potentially dangerous processes like decanting oils (where high kinetic speeds can pose safey hazards). Recipies are managed on these systems, and companies also have a large financial interest in protecting their automation networks from cyberattacks.
Software, like the ABB Ability System 800xA, provides bespoke cybersecurity solutions across an entire system life cycle, with multiple layers of security controls that are continually updated.
Even with a robust security system in place, however, it is vital that manufacturers keep an off-site back-up to ensure data is protected in the event of a cyberattack. Keeping this back-up off-the-grid will ensure a much smoother recovery process of critical data.
Although awareness of cyberattacks has risen in the past year, businesses must now move to take action and ensure that their systems are adequately protected. The WannaCry ransomeware attack has proven that all businesses are vulnerable, no matter their size, and that no one should take cybersecurity for granted. BI